What is CVE-2021-33829?

CVE-2021-33829 is a vulnerability in N/a. Published 2021-06-09.

Is CVE-2021-33829 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

EPSS: 0.655 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

www.drupal.org/sa-core-2021-003 (x_refsource_CONFIRM)
ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/ (x_refsource_MISC)
FEDORA-2021-51457da891 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2021-72176a63a8 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2021-87578dca12 (vendor-advisory, x_refsource_FEDORA)
[debian-lts-announce] 20211109 [SECURITY] [DLA 2813-1] ckeditor security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2021-33829?: CVE-2021-33829 is a vulnerability in N/a. Published 2021-06-09.
Is CVE-2021-33829 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.